We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

PC World does it again

Once more unto the breach for the high street store

Dixons Stores Group has once again been caught potentially breaching the Data Protection Act 1998 (see Advisors passim). But the DPA, it transpires, is deeply flawed in favour of such action.

The Information Commissioner, who enforces the DPA, has also admitted that PC World, like other retailers, is not even legally obliged to report privacy breaches. PC World is owned by Dixons Stores Group. Nor is the Commissioner required to investigate complaints unless they come from victims of such behaviour.

But these people will probably never even know they are victims. PC Advisor reader Mr Patterson bought a replacement hard drive from his local branch of PC World only to discover it contained personal and business data belonging to someone else. After gathering irrefutable evidence that the hard drive had a previous owner, he contacted the Information Commissioner.

But the Information Commissioner wasn't interested. According to Section 42 of the DPA, the person whose data has been compromised has to report the incident.

As Mr Patterson's private data had not been disclosed in any way, the Information Commissioner would not initiate an investigation into the matter. Mr Patterson then decided to bring the matter to PC Advisor's attention.

Dixons Stores Group issued a statement about this matter to PC Advisor. "We are sorry to hear that a spare part has apparently been supplied without our mandatory reconditioning taking place," it said.

Myles Jelf of law firm Bristows told PC Advisor that this is not necessarily a loophole in the legislation, but a simple issue of making laws that can easily and effectively be applied.

"The act gives us the right to have a say in what happens to our information. Once you say that anyone can make a complaint, you open up a whole other can of worms," he said.

But Jelf agreed that the way the Act is written means that PC World doesn't have to report a privacy breach and the Commissioner need not listen to a complaint unless it's from a victim.

Elizabeth Dunn, compliance manager at the Information Commissioner, confirmed that under the terms of the Act only a complaint from the person who is directly affected by the disclosure of the information, or someone acting on their behalf, can trigger an investigation. She did, however, intimate that this is not an ideal rule to apply in every case. "It is something that we are looking at," she said.

When asked what a customer should do if they found someone else's data on any item they purchase, she recommended reporting the incident to the reseller, in this case the PC World store in Aintree, Liverpool.

IDG UK Sites

Windows 9 release date, price, features: Videos leak as Microsoft sets 30 September unveiling

IDG UK Sites

The top 10 Apple products ranked by pixel density: Which Apple devices have the sharpest screens?

IDG UK Sites

SBTRKT's Look Away webcam-based interactive music video won't keep your gaze

IDG UK Sites

Retina MacBook Air release date rumours and specs: Gold 12in Retina MacBook Air almost 1cm thinner...